A popular WordPress plugin leaked access tokens capable of hijacking Twitter accounts

A popular WordPress plugin, installed on thousands of websites to help users share content on social media sites, left linked Twitter accounts exposed to compromise.
The plugin, Social Network Tabs, stored account access tokens in the source code of the WordPress site it was installed on. Anyone who viewed the page source could see the linked Twitter handle and the access tokens. Such tokens keep you logged in on your phone and your computer without having to re-type your password or enter your two-factor authentication code every time.
But if a token is stolen, most sites cannot tell whether it is being used by the account owner or by the attacker who took it.
Baptiste Robert, a French security researcher who goes by the online handle Elliot Alderson, found the vulnerability and shared details with TechCrunch. He later tweeted details of the bug on Thursday.
In order to test the bug, Robert found 539 websites using
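The failure described above is credentials serialised into HTML that every visitor receives. The scanner below, an added example that is not the plugin's code or the researcher's tooling, walks a page's inline scripts, comments and data-* attributes and reports anything shaped like a Twitter OAuth credential. The token shapes (a numeric user id, a hyphen and an alphanumeric string for the access token; long alphanumeric values assigned to consumer_key, consumer_secret and access_token_secret) and the sample page are assumptions; the article does not show the plugin's actual markup.

```python
"""Scan a rendered page's source for OAuth credentials that should never reach the
browser. Added example, not the plugin's code; the token shapes below are assumptions."""
import re
from html.parser import HTMLParser

# Assumed shapes (not taken from the article): Twitter OAuth 1.0a access tokens look
# like "<numeric user id>-<alphanumeric>"; consumer keys and the two secrets are long
# alphanumeric strings, usually assigned to a recognisable key name.
ACCESS_TOKEN = re.compile(r"\b\d{5,20}-[A-Za-z0-9]{20,}\b")
NAMED_SECRET = re.compile(
    r"""(?i)\b(consumer_key|consumer_secret|access_token_secret|oauth_token_secret)\b"""
    r"""\s*[:=]\s*['"]([A-Za-z0-9]{20,})['"]"""
)


class _CredentialSink(HTMLParser):
    """Collect the places plugins drop settings: inline <script> bodies, HTML comments
    and data-*/value attributes."""

    def __init__(self):
        super().__init__()
        self.chunks = []
        self._script = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._script = []
        for name, value in attrs:
            if value and (name.startswith("data-") or name == "value"):
                self.chunks.append(value)

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            self.chunks.append("".join(self._script))
            self._script = None

    def handle_comment(self, data):
        self.chunks.append(data)


def find_leaked_credentials(html: str):
    """Return [(kind, value), ...] for every credential-shaped string in the page."""
    sink = _CredentialSink()
    sink.feed(html)
    sink.close()
    findings = []
    for chunk in sink.chunks:
        findings += [("access_token", m.group(0)) for m in ACCESS_TOKEN.finditer(chunk)]
        findings += [(m.group(1).lower(), m.group(2)) for m in NAMED_SECRET.finditer(chunk)]
    return findings


# Constructed page imitating the anti-pattern: plugin settings serialised into the HTML.
SAMPLE_PAGE = """<!doctype html>
<html><body>
<div id="snt-tabs" data-twitter-handle="@example_site"></div>
<script>
  var sntSettings = {
    consumer_key: "ExampleConsumerKey1234567890",
    consumer_secret: "ExampleConsumerSecret1234567890abcdefghij",
    access_token: "123456789-ExampleAccessToken1234567890abcdef",
    access_token_secret: "ExampleAccessTokenSecret1234567890abcdef"
  };
</script>
</body></html>"""

if __name__ == "__main__":
    for kind, value in find_leaked_credentials(SAMPLE_PAGE):
        print(f"{kind}: {value[:6]}...")
```

Run it against your own site's rendered pages (wget the front page, not the PHP source), since a plugin may only emit the settings on pages where its widget is active. Any hit means the token pair must be revoked at the provider and regenerated; the durable fix is to call the Twitter API from the server and ship only the resulting HTML to the browser.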


Original URL: http://feedproxy.google.com/~r/Techcrunch/~3/LR44OlbFhu8/

Original article

Huge Collection #1 database leak exposes 773 million email addresses and 21 million passwords

A massive database leak, dubbed Collection #1, has made its way to hacking forums, exposing millions of email addresses and passwords. The news was first shared by Troy Hunt, the man behind Have I Been Pwned?, who explains that the leak comprises “many different individual data breaches from literally thousands of different sources”. Hunt explains that there are “1,160,253,228 unique combinations of email addresses and passwords”, so a very large number of people may have been affected by the leak.
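The practical question after a leak like this is whether one of your own passwords is in the corpus. Have I Been Pwned exposes the password half of its data through the Pwned Passwords range API, which works on a k-anonymity scheme: you hash the password with SHA-1 and send only the first five hex characters, the server returns every suffix it holds for that prefix, and the match happens locally. The code below is an added example of that client-side logic, not the article's content or HIBP's own code; the response body is constructed and its counts are made up, only the endpoint path and the SHA-1 of "password" are real.

```python
"""Check whether a password appears in a breach corpus using the Pwned Passwords
k-anonymity range scheme: only the first five hex characters of the SHA-1 hash leave
the machine. Added example, not from the article or from Have I Been Pwned's own code."""
import hashlib

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"   # documented endpoint


def hash_prefix_and_suffix(password: str):
    """Return (prefix, suffix): the 5-char prefix that is sent, the 35-char rest that is not."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password: str) -> str:
    """URL to fetch for this password; the password itself never appears in it."""
    prefix, _ = hash_prefix_and_suffix(password)
    return PWNED_RANGE_URL.format(prefix=prefix)


def breach_count(password: str, range_body: str) -> int:
    """range_body is the response for the password's prefix: one '<SUFFIX>:<count>' per line.
    Returns how many times the password was seen, or 0 if its suffix is absent."""
    _, suffix = hash_prefix_and_suffix(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count.strip() or 0)
    return 0


# Constructed stand-in for the body of /range/5BAA6 (a real response has several hundred
# lines); SHA-1("password") is 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8, the counts are made up.
SAMPLE_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3303003
1E6D9B2F1C4B7A9E0D3F5C6B8A9D0E1F2A3:2
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:0
"""

if __name__ == "__main__":
    print(range_url("password"))
    print(breach_count("password", SAMPLE_RANGE_5BAA6))
```

To use it live, fetch `range_url(pw)` with any HTTP client and pass the response text to `breach_count`. A non-zero count means the password should be retired everywhere it was used, regardless of whether the account that originally leaked it was yours; the email-address half of Collection #1 is searched separately through the Have I Been Pwned site.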


Original URL: https://betanews.com/2019/01/17/collection-1-email-password-leak/

Original article

How to Configure and Use PAM in Linux

Linux-PAM (short for Pluggable Authentication Modules which evolved from the Unix-PAM architecture) is a powerful suite of shared libraries used to dynamically authenticate a user to applications (or services) in a Linux system. It…
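PAM's pluggability lives in the per-service files under /etc/pam.d, where each line names a module type (auth, account, password, session), a control flag (required, requisite, sufficient, optional, or a bracketed value=action list) and a module with its arguments. The parser and audit below are an added example, not code from the tutorial; the sample stack is constructed, and the weakness heuristics are this example's own choices.

```python
"""Parse /etc/pam.d-style configuration and flag stack entries that weaken authentication.
Added example; the sample stack is constructed and the heuristics are the example's own."""
import re
from dataclasses import dataclass, field


@dataclass
class PamRule:
    type: str             # auth | account | password | session
    control: str          # required | requisite | sufficient | optional | include | substack | [...]
    module: str           # e.g. pam_unix.so
    args: list = field(default_factory=list)
    optional_type: bool = False   # leading '-' : skip silently if the module is missing


LINE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def parse_pam_config(text: str):
    """Return the rules in stack order; comments and blank lines are dropped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = LINE.match(line)          # control may be a bracketed [value=action ...] list
        if not m:
            raise ValueError(f"unparseable PAM line: {raw!r}")
        type_, control, module, rest = m.groups()
        rules.append(PamRule(type_.lstrip("-"), control, module, rest.split(),
                             type_.startswith("-")))
    return rules


def audit_pam(rules):
    """Heuristic findings. Note that Debian ends common-auth with 'auth required
    pam_permit.so' after a 'requisite pam_deny.so', which is harmless: only
    'sufficient' ends the stack early with success, so only that is flagged."""
    findings = []
    for r in rules:
        if r.type in ("auth", "account") and r.module == "pam_permit.so" \
                and r.control == "sufficient":
            findings.append(f"{r.type}: 'sufficient pam_permit.so' short-circuits the stack")
        if r.module == "pam_unix.so" and "nullok" in r.args:
            findings.append(f"{r.type}: pam_unix.so accepts empty passwords (nullok)")
        if r.type == "password" and r.module == "pam_unix.so" and "md5" in r.args:
            findings.append("password: pam_unix.so hashes new passwords with md5")
    return findings


# Constructed stack in the style of Debian's common-auth, with three deliberate weaknesses.
SAMPLE_PAM = """\
auth     [success=1 default=ignore]  pam_unix.so nullok try_first_pass
auth     requisite                   pam_deny.so
auth     sufficient                  pam_permit.so    # should be 'required' at most
auth     optional                    pam_cap.so
-session optional                    pam_systemd.so   # '-' : skip quietly if missing
password required                    pam_unix.so md5 obscure
"""

if __name__ == "__main__":
    for finding in audit_pam(parse_pam_config(SAMPLE_PAM)):
        print(finding)
```

Point it at a real file with `parse_pam_config(open("/etc/pam.d/common-auth").read())`; the order matters, since a `sufficient` success stops evaluation before any later `required` module runs.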


Original URL: http://feedproxy.google.com/~r/tecmint/~3/72kxDK98cts/

Original article

Linux.org’s DNS Got Hijacked

Linux.org reports:
Wednesday afternoon around 5pm EST someone was able to get into the registrar account for our domain and point DNS to another server — as well as lock us out from changing it. They pointed the domain name to a pretty rude page for most of the evening until Cloudflare stepped in and blocked the domain for us.
After a lot of back and forth with our registrar, we were able to get things back under our control. I’d like to point out that our server environment was not touched so there are no worries about your data. We’ve gone over security protocols and are tightening things up that may have slipped through in the past. Thanks for your support!

Linux.org apparently pointed to a page exclaiming “G3T 0WNED L1NUX N3RDZ”, which also included a NSFW picture, some abusive language, a shout-out to recently-deceased programmer Terry Davis, and a


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ayHa4-QHDP8/linuxorgs-dns-got-hijacked

Original article

Tor Browser: An Ultimate Web Browser for Anonymous Web Browsing in Linux

Most of us spend a considerable amount of our time on the Internet. The primary application we need for our Internet activity is a browser, a web browser to be precise. Over the Internet most…


Original URL: http://feedproxy.google.com/~r/tecmint/~3/lBpgDsEio4E/

Original article

A Swedish ISP has blocked Elsevier’s website in protest for forcing it to block Sci-Hub

Bahnhof’s page blocking access to Sci-Hub. (Screenshot: TechCrunch)
A little known fact about Swedes: when they get angry, they will often scribble down a note on paper — sometimes anonymously — and leave it where it will be seen, rather than confront a person face-to-face.
One extremely angry Swedish pro-freedom internet provider took that passive aggression to a whole new level.
On Thursday, Stockholm-based Bahnhof was ordered by a Swedish copyright court to block Sci-Hub, a pirate site dedicated to free access to academic papers and research. The site, operated by Kazakh student Alexandra Elbakyan, has faced court orders and threats of site blocks across Europe, following lawsuits from academic publishers like Elsevier, which brought the most recent case.
Bahnhof was forced to block 20 domains associated with Sci-Hub, according to the company’s response to the court order.
Resigned to the fact that it was unlikely to win an appeal, the internet provider called


Original URL: http://feedproxy.google.com/~r/Techcrunch/~3/9xxCpyEF73E/

Original article

Here’s how to find out if your Facebook was hacked in the breach

Are you one of the 30 million users hit by Facebook’s access token breach announced two weeks ago? Here’s how to find out.


Visit this Facebook Help center link while logged in: https://www.facebook.com/help/securitynotice?ref=sec.
Scroll down to the section “Is my Facebook account impacted by this security issue?”
Here you’ll see a Yes or No answer to whether your account was one of the 30 million users impacted. Those affected will also receive a warning like this atop their News Feed:
If Yes, you’ll be in one of three categories:
A. You’re in the 15 million users whose name plus email and/or phone number was accessed.
B. You’re in the 14 million users who had that data plus account bio data accessed, including “username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they


Original URL: http://feedproxy.google.com/~r/Techcrunch/~3/4-kAdEAdjnI/

Original article

How to Use Fail2ban to Secure Your Linux Server

Improving your server's security should be one of your top priorities when it comes to managing a Linux server. By reviewing your server logs, you will often find repeated brute-force login attempts,…
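What Fail2ban does with those log lines is simple to state: match failures, count them per source address inside a sliding window (its findtime), and ban the address once the count reaches maxretry. The detector below is an added example of that logic, not Fail2ban's code; the sshd log lines are constructed (syslog timestamps carry no year, so one is assumed), and the ban is recorded in a dictionary rather than handed to a firewall.

```python
"""Minimal fail2ban-style detector: count failed SSH logins per source IP inside a sliding
window and ban the IP once it crosses a threshold. Added example, not Fail2ban's code."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Classic sshd syslog format; the timestamp has no year.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_ts(ts: str, year: int = 2019) -> datetime:
    """Assumed year, since syslog omits it; a real filter must handle the year rollover."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


class BruteForceDetector:
    def __init__(self, maxretry: int = 5, findtime: timedelta = timedelta(minutes=10)):
        self.maxretry = maxretry
        self.findtime = findtime
        self.attempts = defaultdict(deque)   # ip -> timestamps of failures still in the window
        self.banned = {}                     # ip -> time the ban was applied

    def feed(self, line: str):
        """Process one log line; return the IP if this line triggers a ban, else None."""
        m = FAILED.search(line)
        if not m:
            return None
        ip, when = m.group("ip"), parse_ts(m.group("ts"))
        if ip in self.banned:
            return None                      # already banned; nothing more to count
        window = self.attempts[ip]
        window.append(when)
        while window and when - window[0] > self.findtime:
            window.popleft()                 # failures older than findtime no longer count
        if len(window) >= self.maxretry:
            self.banned[ip] = when
            return ip
        return None


def scan(lines, **kwargs):
    """Run the detector over an iterable of lines; return (banned IPs in order, detector)."""
    det = BruteForceDetector(**kwargs)
    bans = []
    for line in lines:
        ip = det.feed(line)
        if ip:
            bans.append(ip)
    return bans, det


# Constructed auth.log excerpt: a fast burst from 203.0.113.9, a slow drip from 198.51.100.7.
SAMPLE_AUTH_LOG = """\
Jan 17 10:00:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.9 port 51122 ssh2
Jan 17 10:00:03 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.9 port 51124 ssh2
Jan 17 10:00:05 web1 sshd[2105]: Failed password for root from 203.0.113.9 port 51126 ssh2
Jan 17 10:00:07 web1 sshd[2107]: Accepted publickey for deploy from 198.51.100.4 port 40010 ssh2
Jan 17 10:00:09 web1 sshd[2109]: Failed password for root from 203.0.113.9 port 51128 ssh2
Jan 17 10:00:11 web1 sshd[2111]: Failed password for root from 203.0.113.9 port 51130 ssh2
Jan 17 10:00:13 web1 sshd[2113]: Failed password for root from 203.0.113.9 port 51132 ssh2
Jan 17 10:30:00 web1 sshd[2201]: Failed password for root from 198.51.100.7 port 40200 ssh2
Jan 17 10:45:00 web1 sshd[2203]: Failed password for root from 198.51.100.7 port 40202 ssh2
Jan 17 11:00:00 web1 sshd[2205]: Failed password for root from 198.51.100.7 port 40204 ssh2
Jan 17 11:15:00 web1 sshd[2207]: Failed password for root from 198.51.100.7 port 40206 ssh2
Jan 17 11:30:00 web1 sshd[2209]: Failed password for root from 198.51.100.7 port 40208 ssh2
"""

if __name__ == "__main__":
    bans, _ = scan(SAMPLE_AUTH_LOG.splitlines())
    print("banned:", bans)
```

The slow source never trips the threshold because each of its failures falls outside the ten-minute window of the previous one, which is exactly the trade-off a findtime setting makes; Fail2ban would respond to the ban with its configured action, typically a firewall rule such as `iptables -I INPUT -s <ip> -j DROP`, and later unban after bantime expires.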


Original URL: http://feedproxy.google.com/~r/tecmint/~3/iBdx6m4nLAI/

Original article

400,000 Websites Vulnerable Through Exposed .git Directories

Open .git directories are a bigger cybersecurity problem than many might imagine, at least according to a Czech security researcher who discovered almost 400,000 web pages with an open .git directory, possibly exposing a wide variety of data. From a report: Vladimir Smitka began his .git directory odyssey in July when he began looking at Czech websites to find how many were misconfigured so that the .git folder, the directory holding the site's version-control repository, was reachable over the web. Open .git directories are a particularly dangerous issue, he said, because they can contain a great deal of sensitive information. “Information about the website’s structure, and sometimes you can get very sensitive data such as database passwords, API keys, development IDE settings, and so on. However, this data shouldn’t be stored in the repository, but in previous scans of various security issues, I have found many developers that do not follow these best practices,”
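The server-side guard that prevents this is a rule refusing any request whose path passes through .git, and the detail that matters is normalising the request before matching, because `/%2Egit/config`, `/static/../.git/HEAD` and a double-encoded variant all reach the same directory. The check below is an added example, not the researcher's scanner or any web server's code; the lists of denied names are this example's choices, and the extra entries beyond .git are included because they leak the same kinds of secrets the report describes.

```python
"""Request-path guard that refuses to serve version-control dot-directories, normalising
the encodings that slip past a naive substring check. Added example; the denied-name
lists are this example's choices, not from the report."""
import posixpath
from urllib.parse import unquote

DENIED_DIRS = {".git", ".svn", ".hg", ".bzr"}        # repository metadata directories
DENIED_FILES = {".env", ".htpasswd"}                 # common secret-bearing companions


def normalise_path(path: str) -> str:
    """Strip the query, percent-decode twice (double encoding), unify slashes, collapse
    '.', '..' and repeated '/', and anchor at '/' so '..' cannot climb above the root."""
    decoded = unquote(unquote(path.split("?", 1)[0]))
    decoded = decoded.replace("\\", "/")
    return posixpath.normpath("/" + decoded.lstrip("/"))


def should_deny(path: str) -> bool:
    """True if any segment is a denied directory or the final segment a denied file.
    Comparison is case-insensitive: on a case-sensitive filesystem '/.GIT/' simply
    does not exist, so denying it costs nothing."""
    segments = [s.lower() for s in normalise_path(path).split("/") if s]
    if not segments:
        return False
    if any(seg in DENIED_DIRS for seg in segments):
        return True
    return segments[-1] in DENIED_FILES


if __name__ == "__main__":
    for p in ("/.git/HEAD", "/%2Egit/config", "/static/../.git/index",
              "/wp-content/uploads/2019/01/photo.jpg"):
        print(f"{'DENY ' if should_deny(p) else 'allow'} {p} -> {normalise_path(p)}")
```

The same rule expressed in the web server is a `location ~ /\.git(/|$) { return 404; }` block in nginx, or a `<DirectoryMatch "/\.git">` with `Require all denied` in Apache 2.4, and it should sit in front of every site, not just the ones known to be deployed with git. The guard only limits exposure: the real fix is to deploy built artifacts rather than a checkout, and, as the quote above says, to keep passwords and API keys out of the repository entirely, rotating any that were ever committed, since history survives in the object store even after the file is deleted.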


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/y-PzGUkbweM/400000-websites-vulnerable-through-exposed-git-directories

Original article
